CVE-1999-0191

Internet Information Server - Arbitrary File Write via newdsn.exe CGI Script

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0191. PoCs published by Vytis Fedaravicius.

AI-analyzed exploit summary This exploit leverages a default sample program in Microsoft IIS 3.0 to create arbitrary files on the server by manipulating the URL parameters. The vulnerability allows remote file creation with any extension, including .html, by specifying a path and filename in the query string.

Description

IIS newdsn.exe CGI script allows remote users to overwrite files.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Vytis Fedaravicius · textremotewindows
https://www.exploit-db.com/exploits/20309

This exploit leverages a default sample program in Microsoft IIS 3.0 to create arbitrary files on the server by manipulating the URL parameters. The vulnerability allows remote file creation with any extension, including .html, by specifying a path and filename in the query string.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Microsoft IIS 3.0
No auth needed
Prerequisites: Microsoft IIS 3.0 with default installation of newdsn.exe
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/275

Scores

EPSS 0.5330
EPSS Percentile 98.9%

Details

Status published
Products (1)
microsoft/internet_information_server 3.0
Published Sep 01, 1997
Tracked Since Feb 18, 2026